Message-ID: <3C04EEF9.D10C1B41@centtech.com>
Date: Wed, 28 Nov 2001 08:04:41 -0600
From: Eric Anderson
Reply-To: anderson@centtech.com
Organization: Centaur Technology
To: Rasputin
Cc: "Stephen T. Shipley", security@freebsd.org
Subject: Re: crypted remote backup
References: <200111270147.fAR1lDk16602@e-shipley.com> <20011128101048.A25860@shikima.mine.nu>
Sender: owner-freebsd-security@FreeBSD.ORG

What I have been doing is croning a script (as root) that tarballs the right
stuff, and then scp the file as another user ("backup" in my case) to another
box. This way I'm not logging in as root to copy a file over the net, and I
don't have to have sshd set up to allow root logins at all.

If you wanted to use rsync, there are a few ways to do it, but scp does a good
job at recursively scp'ing files, although it will do ALL files every time.
You can also look into unison, it may have some better options for you.

Eric

Rasputin wrote:
>
> * Stephen T. Shipley [011127 03:57]:
> > Configure rsync.conf on source server (with 40g file) and run as a daemon.
> > Provide a net name like "www" for alias to path.
> > And possibly run from one of the /etc/periodic/daily scripts like this (on destination box).
> >
> > /usr/local/bin/rsync -e /usr/bin/ssh -avz ::www \
>
> I think (though could be wrong) that the double colon here ^^
> will cause rsync to use rsh as a transport, despite the fact that
> you specified ssh as an *available* transport with '-e ssh' earlier.
>
> And while we're on the subject, what's the safest way of doing this as root
> (to preserve permissions, and have access to a whole fs tree;
> I'm not too bothered about crypto at the destination directory)
>
> Cheers.
>
> > /usr/local/www/data/home_something_destination && rc=0||rc=3
>
> --
> Love and scandal are the best sweeteners of tea.
> Rasputin :: Jack of All Trades - Master of Nuns ::
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
-------------------------------------------------------------
Eric Anderson    anderson@centtech.com    Centaur Technology
An unbreakable toy is useful for breaking other toys.
-------------------------------------------------------------
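The arrangement described in the message above (root builds the tarball from cron, an unprivileged "backup" account does the scp), sketched as an added example that is not part of the original message. The destination host, spool directory and archived path are assumptions; only the "backup" account name comes from the post.

```shell
#!/bin/sh
# Added example: root archives locally, the unprivileged account copies.
# sshd on the destination never has to accept a root login.

BACKUP_USER="backup"                 # unprivileged local account (from the post)
REMOTE="backup@backuphost.example"   # constructed destination, key-based login assumed
SPOOL="/var/backups/spool"           # assumed staging dir, traversable by $BACKUP_USER
SOURCE="/etc"                        # assumed tree to archive

# make_archive SRC_DIR OUT_FILE
# Write the tarball under umask 077 so it is never group/world readable,
# and rename into place only after tar succeeded.
make_archive() {
    src=$1
    out=$2
    ( umask 077 && tar -czf "$out.tmp" -C "$src" . ) || {
        rm -f "$out.tmp"
        return 1
    }
    mv "$out.tmp" "$out"
}

# send_archive FILE
# Hand the file to $BACKUP_USER and run scp under that identity.
# Note: that account can now read everything inside the archive.
send_archive() {
    file=$1
    chown "$BACKUP_USER" "$file" || return 1
    # -B: batch mode, fail instead of prompting when run from cron
    su -m "$BACKUP_USER" -c "scp -q -B '$file' '$REMOTE:'"
}

run_backup() {
    out="$SPOOL/backup-$(date +%Y%m%d).tar.gz"
    make_archive "$SOURCE" "$out" && send_archive "$out" && rm -f "$out"
}

# Only act when called as "script run" (e.g. from root's crontab).
case "${1:-}" in
    run) run_backup ;;
esac
```

On the destination, the "backup" account needs only write access to its own drop directory, which limits what a stolen key on the source host can reach.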